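For completeness here's a minimal test case not requiring systemd:
/*
# apparmor_parser -r /etc/apparmor.d/bug-profile
# (tested without the flags here as well btw.)
profile bug-profile flags=(attach_disconnected,mediate_deleted) {
  network,
  file,
  unix,
}

# gcc this.c
# ./a.out
lock = 2 (Success)
# aa-exec -p bug-profile ./a.out
lock = 2 (Permission denied)
kernel: audit: type=1400 audit(1530774919.510:93): apparmor="DENIED" operation="file_lock" profile="bug-profile" pid=21788 comm="a.out" family="unix" sock_type="dgram" protocol=0 addr=none

NOTE: the "2" in the quoted output above is not a real flock() result.  The
original printf() had a "%i" conversion but no matching argument, which is
undefined behaviour; the number printed was whatever happened to be in the
register/stack slot.  With rc passed as below, expect "lock = 0 (Success)"
unconfined and "lock = -1 (Permission denied)" under the profile.  The
"(Permission denied)" part is what matters for the bug: flock() on an
AF_UNIX socket is mediated as a "file_lock" operation and denied by the
profile even though it grants "unix," and "file,".
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/file.h>

/*
 * Reproducer: create an AF_UNIX datagram socket pair and try to take an
 * exclusive flock() on one end.  Prints the flock() return value and the
 * corresponding errno text, then exits 0 regardless of the lock outcome
 * (the printed line is the observable; the exit status is not).
 */
int main(void)
{
    int sp[2];

    /* A datagram pair matches the family/sock_type in the audit record above. */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sp) != 0) {
        perror("socketpair");
        exit(1);
    }

    int rc = flock(sp[0], LOCK_EX);
    /* errno is only meaningful when flock() failed; save it before any
     * other library call (printf/close) can clobber it. */
    int saved_errno = (rc == 0) ? 0 : errno;

    /* rc must be passed: a "%i" with no matching argument is undefined behaviour. */
    printf("lock = %i (%s)\n", rc, strerror(saved_errno));

    close(sp[0]);
    close(sp[1]);
    return 0;
}
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1575779 Title: hostnamectl fails under lxd unpriv container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1575779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs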